Amendments to the Claims

Claim 1 (canceled)



Claim 2 (currently amended): A computer program product for providing end-to-end protection for datagrams in a computer networking environment, the computer program product embodied on one or more computer-readable media and comprising:

computer-readable program code means for protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising:

computer-readable program code means for establishing a first protected network segment from the datagram originator to a first of one or more gateways [[gateway]] in the network path;

computer-readable program code means for cascading zero or more protected gateway-to-gateway segments along the network path, each of the gateway-to-gateway segments being cascaded from one of the [[from the first gateway to each of zero or more successive]] gateways in the network path to a next successive one of the gateways; and

computer-readable program code means for cascading a last protected network segment from a final one of the gateways to the datagram destination, wherein the final gateway is [[may be identical to]] the first gateway if no gateway-to-gateway segments are required,

wherein each of the [[first gateway and each of the zero or more successive]] gateways retains cleartext access to datagrams sent on the network path.
Claim 3 (original): The computer program product according to Claim 2, wherein the computer-readable program code means for establishing and the computer-readable program code means for cascading further comprise computer-readable program code means for establishing security associations which use strong cryptographic techniques.

Claim 4 (original): The computer program product according to Claim 3, wherein the strong cryptographic techniques used for the security associations are provided by protocols known as Internet Key Exchange and IP (Internet Protocol) Security Protocol.

Claim 5 (currently amended): The computer program product according to Claim 2, wherein the computer-readable program code means for cascading further comprises computer-readable program code means for using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments and the last protected [[final]] network segment.

Claim 6 (original): The computer program product according to Claim 5, wherein the identifying information further comprises addresses of the datagram originator and the datagram destination.

Claim 7 (original): The computer program product according to Claim 6, wherein the identifying information further comprises a protocol identification and a port number used for the first protected network segment.

Claim 8 (original): The computer program product according to Claim 4, wherein the datagram originator and the gateways that perform the computer-readable program code means for cascading each act in an IKE initiator role.

Claim 9 (currently amended): The computer program product according to Claim 2, wherein the datagram originator and the gateways that perform the computer-readable program code means for cascading each act [[as]] in an initiator role for a protocol known as Internet Key Exchange.

Claim 10 (original): The computer program product according to Claim 5 or Claim 6, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway.

Claim 11 (original): The computer program product according to Claim 2, wherein any of the gateways may perform services on the cleartext datagram.

Claim 12 (original): The computer program product according to Claim 2, wherein operation of the computer-readable program code means for cascading may be selectively enabled for any particular network path.

Claim 13 (currently amended): The computer program product according to Claim 12, wherein the selective enablement occurs by setting a cascading-enabled flag for the first protected network segment, and wherein datagrams sent on the network path are not protected using cascaded protected segments [[tunnels]] when the computer-readable program code means for cascading is disabled.

Claim 14 (original): The computer program product according to Claim 5, wherein the identifying information may be altered by zero or more of the gateways.

Claim 15 (canceled) 

Claim 16 (currently amended): A system for providing end-to-end protection for datagrams in a computer networking environment, comprising:

means for protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising:

means for establishing a first protected network segment from the datagram originator to a first of one or more gateways [[gateway]] in the network path;

means for cascading zero or more protected gateway-to-gateway segments along the network path, each of the gateway-to-gateway segments being cascaded from one of the [[from the first gateway to each of zero or more successive]] gateways in the network path to a next successive one of the gateways; and

means for cascading a last protected network segment from a final one of the gateways to the datagram destination, wherein the final gateway [[may be identical to]] is the first gateway if no gateway-to-gateway segments are required,

wherein each of the [[first gateway and each of the zero or more successive]] gateways retains cleartext access to datagrams sent on the network path.

Claim 17 (original): The system according to Claim 16, wherein the means for establishing and the means for cascading further comprise means for establishing security associations which use strong cryptographic techniques.

Claim 18 (original): The system according to Claim 17, wherein the strong cryptographic techniques used for the security associations are provided by protocols known as Internet Key Exchange and IP (Internet Protocol) Security Protocol.

Claim 19 (currently amended): The system according to Claim 16, wherein the means for cascading further comprises means for using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments and the last protected [[final]] network segment.

Claim 20 (original): The system according to Claim 19, wherein the identifying information further comprises addresses of the datagram originator and the datagram destination.

Claim 21 (original): The system according to Claim 20, wherein the identifying information further comprises a protocol identification and a port number used for the first protected network segment.

Claim 22 (original): The system according to Claim 18, wherein the datagram originator and the gateways that perform the means for cascading each act in an IKE initiator role.

Claim 23 (currently amended): The system according to Claim 16, wherein the datagram originator and the gateways that perform the means for cascading each act [[as]] in an initiator role for a protocol known as Internet Key Exchange.

Claim 24 (original): The system according to Claim 19 or Claim 20, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway.

Claim 25 (original): The system according to Claim 16, wherein any of the gateways may perform services on the cleartext datagram.

Claim 26 (original): The system according to Claim 16, wherein operation of the means for cascading may be selectively enabled for any particular network path.

Claim 27 (currently amended): The system according to Claim 26, wherein the selective enablement occurs by setting a cascading-enabled flag for the first protected network segment, and wherein datagrams sent on the network path are not protected using cascaded protected segments [[tunnels]] when the means for cascading is disabled.

Claim 28 (original): The system according to Claim 19, wherein the identifying information may be altered by zero or more of the gateways.

Claim 29 (canceled) 

Claim 30 (currently amended): A method of providing end-to-end protection for datagrams in a computer networking environment, comprising steps of:

protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising steps of:

establishing a first protected network segment from the datagram originator to a first of one or more gateways [[gateway]] in the network path;

cascading zero or more protected gateway-to-gateway segments along the network path, each of the gateway-to-gateway segments being cascaded from one of the [[from the first gateway to each of zero or more successive]] gateways in the network path to a next successive one of the gateways; and

cascading a last protected network segment from a final one of the gateways to the datagram destination, wherein the final gateway [[may be identical to]] is the first gateway if no gateway-to-gateway segments are required,

wherein each of the [[first gateway and each of the zero or more successive]] gateways retains cleartext access to datagrams sent on the network path.
Claim 31 (original): The method according to Claim 30, wherein the establishing step and the cascading step further comprise the step of establishing security associations which use strong cryptographic techniques.

Claim 32 (original): The method according to Claim 31, wherein the strong cryptographic techniques used for the security associations are provided by protocols known as Internet Key Exchange and IP (Internet Protocol) Security Protocol.

Claim 33 (currently amended): The method according to Claim 30, wherein the cascading step further comprises the step of using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments and the last protected [[final]] network segment.

Claim 34 (original): The method according to Claim 33, wherein the identifying information further comprises addresses of the datagram originator and the datagram destination.

Claim 35 (original): The method according to Claim 34, wherein the identifying information further comprises a protocol identification and a port number used for the first protected network segment.

Claim 36 (original): The method according to Claim 32, wherein the datagram originator and the gateways that perform the cascading step each act in an IKE initiator role.

Claim 37 (currently amended): The method according to Claim 30, wherein the datagram originator and the gateways that perform the cascading step each act [[as]] in an initiator role for a protocol known as Internet Key Exchange.

Claim 38 (original): The method according to Claim 33 or Claim 34, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway.

Claim 39 (original): The method according to Claim 30, wherein any of the gateways may perform services on the cleartext datagram.

Claim 40 (original): The method according to Claim 30, wherein operation of the cascading step may be selectively enabled for any particular network path.

Claim 41 (currently amended): The method according to Claim 40, wherein the selective enablement occurs by setting a cascading-enabled flag for the first protected network segment, and wherein datagrams sent on the network path are not protected using cascaded protected segments [[tunnels]] when the cascading step is disabled.

Claim 42 (original): The method according to Claim 33, wherein the identifying information may be altered by zero or more of the gateways.
Claim 43 (currently amended): A computer program product for providing end-to-end protection for datagrams in a computer networking environment, the computer program product embodied on one or more computer-readable media and comprising:

computer-readable program code means for protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising:

computer-readable program code means for establishing a first protected network segment from the datagram originator to a first of a plurality of gateways [[gateway]] in the network path;

computer-readable program code means for cascading one or more protected gateway-to-gateway segments along the network path, each of the gateway-to-gateway segments being cascaded from one of the [[from the first gateway to each of one or more successive]] gateways in the network path to a next successive one of the gateways, using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway; and

computer-readable program code means for cascading a last protected network segment from a final one of the gateways to the datagram destination, using the identifying information from the first protected network segment as identifying information of the last protected [[final]] network segment, [[wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway,]]

wherein each of the [[first gateway and each of the one or more successive]] gateways retains cleartext access to datagrams sent on the network path.

Claim 44 (currently amended): A system for providing end-to-end protection for datagrams in a computer networking environment, comprising:

means for protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising:

means for establishing a first protected network segment from the datagram originator to a first of a plurality of gateways [[gateway]] in the network path;

means for cascading one or more protected gateway-to-gateway segments along the network path, each of the gateway-to-gateway segments being cascaded from one of the [[from the first gateway to each of zero or more successive]] gateways in the network path to a next successive one of the gateways, using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway; and

means for cascading a last protected network segment from a final one of the gateways to the datagram destination, using the identifying information from the first protected network segment as identifying information of the last protected [[final]] network segment, [[wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway,]]

wherein each of the [[first gateway and each of the one or more successive]] gateways retains cleartext access to datagrams sent on the network path.

Claim 45 (currently amended): A method of providing end-to-end protection for datagrams in a computer networking environment, comprising steps of:

protecting each of a plurality of network segments that comprise a network path from a datagram originator to a datagram destination, further comprising steps of:

establishing a first protected network segment from the datagram originator to a first of a plurality of gateways [[gateway]] in the network path;

cascading one or more protected gateway-to-gateway segments along the network path, each of the gateway-to-gateway segments being cascaded from one of the [[from the first gateway to each of zero or more successive]] gateways in the network path to a next successive one of the gateways, using identifying information from the first protected network segment as identifying information of the protected gateway-to-gateway segments, wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway; and

cascading a last protected network segment from a final one of the gateways to the datagram destination, using the identifying information from the first protected network segment as identifying information of the last protected [[final]] network segment, [[wherein the identifying information is copied from an inbound side of each gateway to an outbound side of that gateway,]]

wherein each of the [[first gateway and each of the one or more successive]] gateways retains cleartext access to datagrams sent on the network path.
Claim 46 (new): The computer program product according to Claim 2, wherein each of the protected network segments has a security policy associated therewith and wherein the security policies may vary among the protected network segments.

Claim 47 (new): The system according to Claim 16, wherein each of the protected network segments has a security policy associated therewith and wherein the security policies may vary among the protected network segments.

Claim 48 (new): The method according to Claim 30, wherein each of the protected network segments has a security policy associated therewith and wherein the security policies may vary among the protected network segments.